
Re: [Full-disclosure] [Professional IT Security Reviewers - Exposed] SecReview ( F - )



What I really want to know is, if a past customer (err - reader?) of
SecReview surfaces with a negative opinion of them, will you adjust your grade
accordingly?



On Dec 20, 2007 1:20 PM, Sec Review Sucks <secreview.exposed@xxxxxxxxx>
wrote:

> This rating is based entirely off my personal feelings after reading
> several of the emails you've sent out to the Full Disclosure list.  I bring
> up the following as my reasoning:
>
> 1.) What are your qualifications for reviewing these companies?
> 2.) Your criteria for review are clearly flawed.  Reviewing marketing
> material, websites, etc. is just ridiculous.  Typically these are not
> created by the security team itself, but instead the marketing department
> for a company.  You only just mentioned that you started reviewing sample
> reports, and that not all companies are willing to provide these.  How could
> you possibly review a company WITHOUT a sample report at the minimum?
> 3.) What is your scoring system?  Do you even have one?
> 4.) If company A does not submit themselves for review, and therefore will
> not provide you with the information you need to review them, do they get a
> lower score?
>
> In any case, a consulting company provides far more than simply a
> marketing site and sample deliverables.  Unless you can survey a company's
> customers, I don't see how you could ever make a reasonably accurate
> assumption.  Therefore, I rate SecReview as an F-.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>